<?php
// Load the site configuration and bootstrap the system.
require 'config.include.php';
// Authentication gate. NOTE(review): this page performs no access check of its
// own before offering to delete accounts, so it presumably relies on this
// include to stop unauthenticated requests. Confirm that it exits on failure.
require 'auth.include.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Delete A User</title>
<link rel="stylesheet" href="admin.css" />
</head>

<body>
<div id="wrapper">
	<div id="header">
    	<?php
    		// Breadcrumb trail: site root, dashboard, this page.
    		// NOTE(review): SITE_TITLE is written without HTML-escaping and is not
    		// defined in this file (presumably in config.include.php). Confirm it
    		// cannot carry user-supplied markup.
    		echo '<a href="../" class="breadcrumb">'.SITE_TITLE.'</a> &raquo; <a href="dashboard.php" class="breadcrumb">Dashboard</a> &raquo; <a href="deleteuser.php" class="breadcrumb">Delete A User</a>';
    	?>
    </div>
    <div id="sidebar">
<?php
	// The sidebar's navigation markup comes from this include.
	require 'nav.include.php';
?>
    </div>
    <div id="content">
        <div class="contentblock">
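			<?php
				/*
				 * Delete-a-user workflow. The step is chosen from the request:
				 *   no "userid"                  -> list all users, each linking to the confirm form
				 *   "userid" + "delete"          -> show the confirm form (the target user's
				 *                                   password, and who inherits their posts)
				 *   the above + POSTed "confirm" -> check the password, move or drop the
				 *                                   posts, then delete the user
				 *   anything else                -> "Unknown action requested"
				 *
				 * Every request- or database-derived value is HTML-escaped where it is
				 * written into the page, and passed through fetch::qEscape() where it is
				 * spliced into a quoted literal of a table condition string.
				 *
				 * NOTE(review): no anti-CSRF token is generated or checked in this file; the
				 * password prompt is the only confirmation step visible here. Confirm whether
				 * auth.include.php provides one.
				 */
				$userid=isset($_REQUEST['userid']) ? $_REQUEST['userid'] : null;

				if($userid===null) {
					echo('<h2>Which user would you like to delete?</h2>');
					$users=$_p->tb_users->select('true');
					if(count($users)>0) {
						echo('<ul>');
						foreach($users as $row_id=>$row_data) {
							// The row id is placed in a URL inside an attribute, so it is
							// URL-encoded; rawurlencode() output needs no further HTML escaping.
							echo('<li>
								<a href="deleteuser.php?userid='.rawurlencode((string)$row_id).'&amp;delete"><strong>'.htmlentities($row_data['username'],ENT_QUOTES,"UTF-8").'</strong></a>
								</li>');
						}
						echo('</ul>');
					}
					else {
						echo('There are no users.');
					}
				}
				// Array-valued "userid" parameters are rejected here instead of being
				// concatenated into markup and condition strings further down.
				elseif(is_string($userid) && isset($_REQUEST['delete'])) {
					// The destructive step is only taken for a POSTed "confirm": the form
					// below posts, and the password must not travel in a query string.
					if(!isset($_POST['confirm'])) {
						$users=$_p->tb_users->select('true');
						$shifttolist='<select name="shiftto">';
						foreach($users as $row_id=>$row_data) {
							if($row_id==$userid) {
								// The user being deleted cannot inherit their own posts.
								$shifttolist.='<option value="">Nobody</option>';
							}
							else {
								// Escape the username for the value attribute as well as the
								// label; it is stored data and may contain quotes or markup.
								$safe_name=htmlentities($row_data['username'],ENT_QUOTES,"UTF-8");
								$shifttolist.='<option value="'.$safe_name.'">'.$safe_name.'</option>';
							}
						}
						$shifttolist.='</select>';
						// "userid" comes straight from the request, so it is escaped before
						// being reflected into the hidden field.
						echo('<h2>Deleting User</h2>
						Enter the password for "'.htmlentities($_p->tb_users->getFieldValue($userid,'username'),ENT_QUOTES,"UTF-8").'" to confirm delete.<br />
						<form action="deleteuser.php" method="post">
							<input type="password" name="duserpass" /><br />
							Give the posts by this user to: '.$shifttolist.'
							<input type="hidden" name="userid" value="'.htmlentities($userid,ENT_QUOTES,"UTF-8").'" />
							<input type="hidden" name="delete" value="" />
							<br />
							<input type="submit" name="confirm" value="Confirm" />
						</form>
						<a href="deleteuser.php">Cancel</a>');
					}
					else {
						// Accept strings only, so an array-valued parameter never reaches
						// md5() or a condition string.
						$shiftto=(isset($_POST['shiftto']) && is_string($_POST['shiftto'])) ? $_POST['shiftto'] : '';
						$password=(isset($_POST['duserpass']) && is_string($_POST['duserpass'])) ? $_POST['duserpass'] : '';

						// "userid" gets the same escaping as the username lookup below before
						// it is placed inside the quoted literal. This assumes fetch::qEscape()
						// is the escaping routine for these condition strings.
						$postsbyuser=$_p->tb_posts->select('%author%==\''.fetch::qEscape($userid).'\'',array());

						// null  = no reassignment requested ("Nobody")
						// false = a target username was given but does not exist
						$uid=null;
						if($shiftto!=='')
							$uid=$_p->tb_users->firstMatchingId('strtolower(%username%)==strtolower(\''.fetch::qEscape($shiftto).'\')');

						if($uid!==false) {
							// Compare the hashes as strings. A loose == treats two hashes of the
							// form "0e<digits>" as equal numbers, which would accept a wrong password.
							// NOTE(review): the stored format is unsalted MD5. Moving to
							// password_hash()/password_verify() needs a matching change wherever
							// the "hash" field is written, which is outside this file.
							$stored_hash=$_p->tb_users->getFieldValue($userid,'hash');
							$given_hash=md5($password);
							if(!is_string($stored_hash))
								$password_ok=false;
							elseif(function_exists('hash_equals'))
								$password_ok=hash_equals($stored_hash,$given_hash);
							else
								$password_ok=($stored_hash===$given_hash);

							if($password_ok) {
								if(count($postsbyuser)>0) {
									if($shiftto==='') {
										foreach(array_keys($postsbyuser) as $postid)
											$_p->tb_posts->dropRow($postid);
										$_p->tb_posts->commit();
										$_p->delete_user($userid);
										echo('<h2>Deleted User</h2>
										All posts by this user have been deleted.<br />
										<a href="deleteuser.php">Return</a>');
									}
									else {
										$shiftid=$_p->usernameToId($shiftto);
										if($shiftid!==false) {
											foreach(array_keys($postsbyuser) as $postid)
												$_p->tb_posts->updateRow($postid,array('author'=>$shiftid));
											$_p->tb_posts->commit();
											$_p->delete_user($userid);
											echo('<h2>Deleted User</h2>
											All posts by this user have been shifted to the user "'.htmlentities($shiftto,ENT_QUOTES,"UTF-8").'"<br />
											<a href="deleteuser.php">Return</a>');
										}
										else {
											echo('<h2>Error</h2>
											Alternate user does not exist<br />
											<a href="deleteuser.php">Return</a>');
										}
									}
								}
								else {
									$_p->delete_user($userid);
									echo('<h2>Deleted User</h2>
									<a href="deleteuser.php">Return</a>');
								}
							}
							else {
								echo('<h2>Error</h2>
								Incorrect password<br />
								<a href="deleteuser.php">Return</a>');
							}
						}
						else {
							echo('<h2>Error</h2>
							User "'.htmlentities($shiftto,ENT_QUOTES,"UTF-8").'" does not exist<br />
							<a href="deleteuser.php">Return</a>');
						}
					}
				}
				else {
					echo('<h2>Error</h2>
					Unknown action requested<br />
					<a href="deleteuser.php">Return</a>');
				}
			?>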
		</div>
    </div>
    <div id="footer">
    </div>
</div>
</body>
</html>